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CLAIMS 

WHAT IS CLAIMED IS: 1 

1. A method of facilitating the use of a software process with one of a 



plurality of secure repositories, said 

providing an 

software process; 

if said one o 



method comprising the acts of: 

interface, said interface being callable by said 

said plurality of secure repositories is said first of 



said plurality of secure repositories, providing a first set of computer-executable 
instructions which are invocable b> said callable interface; and 

if said one of said plurality of secure repositories is said second 
of said plurality of secure repositories, providing a second set of computer-executable 
instructions which are invocable by said callable interface, said second set of computer- 
executable instructions being different from said first set of computer-executable 
instructions. 



2. The method of claim 1, wherein said secure repository converts 
encrypted data to decrypted data using a cryptographic algorithm to apply a 
cryptographic key to said encrypted data, and wherein said software process performs 
an operation on said decrypted data. 

3. The method of clai^n 2, wherein said operation comprises rendering 
said decrypted data. 



4. The method of 
computer-executable instructions is 
dynamically linkable with said software 



claim 1, wherein said first or said second sets of 
provided in the ^ form of an executable file 
process. 
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function callable by said software process, said first function being parameterized by 



first data representative of 

6. The metf 
software process without 
repositories is said first of 
plurality of secure reposito 



od of claim 1, wherein said interface comprises a first 



type of secure repository. 

od of claim 5, wherein said interface is callable by said 
regard to whether said one of said plurality of secure 
said plurality of secure repositories or said second of said 
ies. 



7. The method of claim 1, wherein said interface comprises a second 



function callable by saic 
secure repository perform 



8. The meihod of claim 1, wherein said first of said plurality of secure 



repositories executes on 



software process, said second function requesting that said 
at least one action. 



a closed-platform device, and wherein said second of said 



plurality of secure repositories executes on an open-platform device. 

9. A method of communicating between a software process and a one of 
a plurality of secure repositories, said method comprising the acts of: 

sail software process issuing a first interface call which 
authenticates said software process to said one of said plurality of secure repositories; 



and 



sail software process issuing a second interface call which 



requests performance of [an action by said secure repository for said software process; 
wherein said software process issues said first and second interface calls without regard 
to whether said one of s lid plurality of secure repositories is a first of said plurality of 
secure repositories or a second of said plurality of secure repositories. 



MSFT-0187/154573.1 



55 



PATENT 





1 




2 




3 




4 




5 




6 




7 




8 




9 


Q 


10 


m 


11 


! J 






12 






||| 

i - 


13 


m 


14 


a 


15 


if!; 

Ill 


16 


/ 


17 


Q 


18 




19 




20 




21 




22 




23 




24 




25 




26 




27 




28 



10. The method of claim 9, wherein said secure repository converts 
encrypted data to decrypted data using a cryptographic algorithm to apply a 
cryptographic key to said ercrypted data, and wherein said software process performs 
an operation on said decrypted data. 

11. The method of claim 10, wherein said operation comprises rendering 
said decrypted data. 

12. The method of claim 9, wherein said first secure repository 
comprises a software-based secure repository, and wherein said second secure 
repository comprises at least some isolated hardware. 

13. The method of claim 9, wherein each of said first and second secure 
repositories are software-based repositories, said first secure repository having at least 
one feature not present in sail second secure repository. 

14. The method of claim 9, wherein said one of said plurality of secure 



repositories is said first of 
software process issues said 
said second repository exists. 

15. The met! 



said first and said second of 
type. 



said plurality of secure repositories, and wherein said 
Irst and second interface calls without regard to whether 



od of claim 9, wherein said first interface call is 



parameterized by first data representing a first type of secure repository, and wherein 



said plurality of secure repositories are each of said first 



16. The method of claim 15, wherein said software process performs a 



second action if said one of 



said plurality of repositories is either said first or said 
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second of said plurality of 
not perform said second actijon 
third of said plurality of secure 
repositories being of a second 
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repositories, and wherein said software process does 
if said one of said plurality of secure repositories is a 
repositories, said third of said plurality of secure 
type different from said first type. 



17. The method of claim 9, further comprising the acts of: 

dynamically linking to said software process a first set of 

computer-executable instructions, if said one of said plurality of repositories is said first 

of said plurality of secure repositories; and 

dynamically linking to said software process a second set of 

computer-executable instructions different from said first set of computer-executable 

instructions, if said one of said plurality of secure repositories is said second of said 



plurality of secure repositorie: 

18. The methdd 
process receiving second data 
being generated by said one 
data does not expose to said 
first secure repository or saic 



of claim 9, further comprising the act of said software 
in response to said second interface call, said second data 
said plurality of secure repositories, wherein said second 
software process whether said data was generated by said 
second secure repository. 



of 



19. A completer 
instructions to perform the method 



20. A secure 
a first 

encrypted data into decryptejd 
data; and 



readable medium encoded with computer-executable 
of claim 9. 



ijepository comprising: 
set of computer-executable instructions which converts 
data by applying a cryptographic key to said encrypted 
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a second set of computer-executable instructions which provides 
said decrypted data to a software process if said secure repository trusts said software 
process; 

wherein said secure repository establishes trust of said software process at least in part 
by establishing trust with an ir termediate object, said intermediate object comprising a 
third set of computer-executable instructions dynamically linked to said software 
process. 



21. The secure 
renders said decrypted data. 



'epository of claim 20, wherein said software process 



acts comprising: 



receiving 



22. The secure repository of claim 20, further comprising a fourth set of 
computer-executable instruction) which establishes trust with said intermediate object, 
said fourth set of computer-executable instructions including instructions to perform 



irom said intermediate object first data comprising: 



second data based at least in part on at least some code 



contained in said intermediate ob 



ect; and 

a signature of said second data; and 
validating said signature. 



23. The secure 
comprises a hash of said at least 



24. The secure 
computer-executable instructions 



Repository of claim 22, wherein said second data 
ome code. 



repository of claim 22, wherein said fourth set of 
iiirther performs acts comprising: 
receiving from said intermediate object second data based at least 
in part on code contained in said t oftware process. 



MSFT-0187/154573.1 



58- 



PATENT 





1 




2 




3 




4 




5 




6 




7 




8 




9 


a 


10 


■ j t 


11 






: £ss 


12 


: :=m- 

i/1 


13 


is 


14 




15 


iU 


16 




17 




18 




19 




20 




21 




22 




23 




24 




25 




26 




27 



25. A method of communicating with one of a plurality of secure 
repositories, said method! comprising the acts of: 

issupig a first interface call without regard to whether said one of 
said plurality of secure repositories is a first of said plurality of secure repositories or a 
second of said plurality of secure repositories; 

if said one of said plurality of secure repositories is said first of 
said plurality of secure repositories, dynamically linking with a first set of computer- 
able by said first interface call; and 
one of said plurality of secure repositories is said second 
repositories, dynamically linking with a second set of 
ions invocable by said first interface call, said second said 
of computer-executable instjructions being different from said first set of computer- 
executable instructions. 



executable instructions invo 

if saic 

of said plurality of secure 
computer-executable instruc 



26. The metind 
repositories converts encrypted 
to apply a cryptographic key 



of claim 25, wherein each of said plurality of secure 
data to decrypted data using a cryptographic algorithm 
;o said encrypted data. 



27. The method 
comprises a software-based 
repository comprises at least s<t>me 



of claim 25, wherein said first secure repository 
secure repository, and wherein said second secure 
isolated hardware. 



28. The methoc 
secure repositories are software 
least one feature not present in 



of claim 25, wherein each of said first and second 
-based repositories, said first secure repository having at 
said second secure repository. 
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29. The method of claim 25, wherein said act of performing said first 
action comprises executing! a first set of computer-executable instructions, and wherein 
said first action comprises the act of providing to said first secure repository first data 
based at least in part oji at least some of said first set of computer-executable 
instructions. 



30. A 

computer-executable i 



computer-readable medium encoded with a second set of 
instructions to perform the method of claim 25. 



31. A met iod 
software process, said method 

estab 

intermediary object; and 

usiifg 

process the authenticity o 



of authenticating a first software process to a second 
comprising the acts of: 
lishing to said second software process the authenticity of an 

said intermediary object to establish to said second software 
said first software process. 



to 



32. The 
converts encrypted data 
cryptographic key to sd: 
performs an operation or 



ijnethod of claim 31, wherein said second software process 
decrypted data by using a cryptographic algorithm to apply a 
id encrypted data, and wherein said first software process 
said decrypted data. 



33. The mjethod of claim 32, wherein said operation comprises rendering 
said decrypted data. 

34. The mkhod of claim 33, wherein said first software process is a text- 
rendering application, anc wherein said decrypted data comprises text. 
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35. The 
a set of computer 
software process, and 
the authenticity of said 
first software process cal 
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of claim 31, wherein said intermediary object comprises 
instructions having a first function callable from said first 
Wherein the act of establishing to said second software process 
intermediary object includes, or is actuated by, the act of said 
ing said first function. 



illinj 



36. The method of claim 35, wherein said act of establishing to said 
second software process trie authenticity of said intermediary object includes the act of 
providing said second software process with a certificate based at least in part on said 



set of computer-executable 



37. The meihod 
hash of at least some of said 



instructions. 



of claim 36, wherein said certificate comprises a signed 
computer-executable instructions. 



38. The method of claim 35, wherein said intermediary object is in the 
address space of said f rst software process, and wherein said first function is 
referenceable by an addrej s within said address space. 



method 
cally 



39. The 
instructions is dynami 
method further comprises 
with said first software piocess 



of claim 35, wherein said set of computer-executable 
linkable with said first software process, and wherein said 
the act of linking said set of computer-executable instructions 



40. The method of claim 31, wherein said intermediary object comprises 
a set of computer-execut ible instructions having a first function callable from said first 
software process, and w ierein said act of using said intermediary object to establish to 
said second software pre cess the authenticity of said first software process includes, or 
is actuated by, the act ofl said first software process issuing a call to said first function. 
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41. A com] 
computer-executable instruc 



uter-readable medium encoded with a second set of 
ions to perform the method of claim 3 1 . 



